Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 12114: 阅读#REG:454ecf7e-c028-46f6-b744-6513c495bd60
Сетевая активность:
Подключается к:
- s####.####.com
- m####.####.com
- 2####.####.87:8383
- a####.####.com
- 2####.####.155:9999
Запросы HTTP GET:
- s####.####.com/zybook/u/p/api.php?Act=####&usr=####&rgt=####&p1=####&pc=...
- s####.####.com/cps/getInnerBookList?channel=####&version=####&model=####
- s####.####.com/cocoon/alias/gen?usr=####&rgt=####&p1=####&pc=####&p2=###...
- a####.####.com/r/drm/getTimeStamp?usr=####&rgt=####&p1=####&pc=####&p2=#...
- s####.####.com/message/advice/addGidBaseInfo?aid=####&cid=####&pf=####&z...
- a####.####.com/smart/tag/manu_info?user_name=####
Запросы HTTP POST:
- 2####.####.155:9999/
- 2####.####.87:8383/device/reg/
- m####.####.com/api/internal.do
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/shared_prefs/theme_bg_yejian9.xml
- <Package Folder>/shared_prefs/theme_layout_pad70_wangwen.xml
- <Package Folder>/shared_prefs/theme_layout_pad70_qingsuan.xml
- <Package Folder>/plugins/pluginweb_search/1495005891898.apk
- <Package Folder>/shared_prefs/theme_layout_pad70.xml
- <Package Folder>/plugins/installedlist.plugin
- <Package Folder>/databases/iReader.db-journal
- <Package Folder>/shared_prefs/theme_bg_yejian7.xml
- <Package Folder>/shared_prefs/theme_bg_yejian6.xml
- <Package Folder>/shared_prefs/com.zhangyue.iReader.SharedPreferences.xml
- <Package Folder>/shared_prefs/theme_user.xml
- <Package Folder>/shared_prefs/theme_layout_pad70_chuban.xml
- <Package Folder>/shared_prefs/theme_bg_yejian8.xml
- <Package Folder>/shared_prefs/mqpush.serverconfig.xml
- <Package Folder>/shared_prefs/theme_bg_huyan.xml
- <Package Folder>/databases/task.db-journal
- <Package Folder>/shared_prefs/theme_layout_manhua.xml
- <Package Folder>/shared_prefs/theme_bg3.xml
- <Package Folder>/databases/market.db-journal
- <Package Folder>/plug.apk
- <Package Folder>/databases/TBFileDownload-journal
- <Package Folder>/app_zhangyue_ad/schedule
- <Package Folder>/shared_prefs/GeneralSetting.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/theme_bg5.xml
- <Package Folder>/yunba
- <Package Folder>/plugins/pluginweb_search/pathinfo
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/databases/smagazine.db-journal
- <Package Folder>/shared_prefs/com.zhangyue.iReader.SharedPreferences.temp.xml
- <Package Folder>/shared_prefs/com.zhangyue.iReader.SharedPreferences.xml.bak
- <Package Folder>/shared_prefs/theme_bg1.xml
- <Package Folder>/shared_prefs/theme_bg2.xml
- <Package Folder>/shared_prefs/theme_pager.xml
- <Package Folder>/shared_prefs/com.zhangyue.iReader.SharedPreferences.temp.xml.bak
Другие:
Запускает следующие shell-скрипты:
- dd if=<Package Folder>/lib/libyunba.so of=<Package Folder>/yunba
- chmod 777 <Package Folder>/yunba
- sh
Может автоматически отправлять СМС-сообщения.
